It may not seem important, but the geographic location of the computers in your network infrastructure can raise important issues for your business. This chapter outlines the legal, social, and economic concerns that may influence where you house your servers.

This chapter is from the book

The address of your corporate office might be the first thing that comes to mind when you think about your company's location, but should you also be similarly concerned about the location of your computers? Maybe one day in the future there won't be any discussion around the location of the computer. After all, who knows where the SABRE airline reservation computers are located? But until then there are real and perceived issues to be confronted. Many factors must be considered when making these decisions, including data privacy laws, networking predictability and performance, the political stability of the region, and the security and robustness of the facility. All these factors must be taken into account. In this chapter, we discuss the issues and some of the technical solutions being pioneered to allow users to choose the location of the computers, whether it's right next door or 6,000 miles away.

The Law

Let's start by considering international data privacy laws.
Multinational firms that handle employee and customer data in Europe are finding
it increasingly hard to quickly roll out new applications because of data
privacy laws mandated by the European Union (EU). Across Europe, corporations
must now pay a visit to the local data protection authority to disclose how
marketing, human resources, financial, and healthcare data they collect is being
warehoused, processed, or transported in or out of the EU. Moreover, these firms
have to seek permission from worker-based organizations known as works
councils to start new IT projects. Each of the 15 EU countries has adopted,
or is in the process of adopting, slightly different provisions to satisfy the
EU privacy directive issued in 1998 to promote harmonization of data privacy
regulations.

European-based businesses acknowledge they must plan further in advance than
they used to for IT projects. U.S. operations have to be sure they are abiding
by European laws if they receive data on European subjects. The EU won't
let data go to locations deemed to have inadequate data privacy laws, such as
not giving European citizens the right to give consent for how data is shared or
processed.

Some view the United States, with its freewheeling marketing practices, as
generally inadequate in data privacy protection. At one point, it seemed
possible that the EU might not allow citizen data to be transported to the
United States. However, the EU and the United States reached a compromise with
the so-called Safe Harbor agreement.